Modified –decode [file] and –options [D] to drop privileges to the “nobody” user while running the interactive php interpreter and on the ownership of the decoded file while processing it
Added new scanning option: cxs Watch. This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods. This new feature requires:
Added a note to the CGI alert email for ModSecurity false-positives where the request body is inspected before Apache has a chance to determine whether the called script exists (i.e. a 404)
Added new option –wttw [file] which is available for submitting text exploits (i.e. PHP, Perl, Shell) to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. Please be sure to read the documentation before using this option
If –quarantine or –delete fails (e.g. an immutable file), report failure to do so. Failure to quarantine will no longer attempt removal of the original file
Only “View” quarantine files in UI if they are text files